How to use untrusty cryptographic devices
Daniel Kucner and Miroslaw Kutylowski
Institute of Computer Science, University of Wroclaw,
Inst. of Mathematics, Wroclaw University of Technology, and CC Signet
Secure devices implementing standard cryptographic operations such as
electronic signatures can leak information on secret data using
kleptography techniques. Testing such devices is extremely hard, since
on one hand one of design objectives is to disable external access to
the device, and on the other hand the output of a contaminated device
might be indistinguishable from the legitimate one is a secret data is
unknown. We discuss a couple of simple and cheap techniques that may be
used as defense against such threats.